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L7: Entry 1 of 2 File: USPT Aug 28, 2001 



DOCUMENT- IDENTIFIER: US 6282656 Bl 

TITLE: Electronic transaction systems and methods therefor 



US PATENT NO. (1) : 
6282656 

Brief Summary Text (15) : 

In another embodiment, the invention relates to a method for completing a transaction 
request pertaining to an electronic transaction conducted over an electronic network 
having a server and a requesting device. The method includes receiving from the server 
at the requesting device a transaction program, which includes an executable portion. 
The method also includes receiving from a user at the requesting device transaction 
approval data, wherein the executable portion of the transaction program includes a 
first set of codes configured to encrypt the transaction approval data. There is also 
included encrypting the transaction approval data using the first set of codes . There 
is further included transmitting, using transaction program, the encrypted transaction 
approval data to the server to complete the electronic transaction. 

Detailed Description Text (27) : 

Program/ data memory 504 stores, among others, the codes which operate PEAD 200 as well 
as the user identification data and the user's private key. Program/ data memory 504 is 
preferably implemented using some form of non-volatile memory (NVM) such as flash 
memory, electrically programmable read-only memory (EPROM) , electrically erasable, 
programmable read-only memory (EEPROM) , or the like. Temporary memory 506 serves as a 
scratch pad for calculation purposes and for temporary storage of data, and may be 
implemented using some form of random access memory (RAM) such as static RAM or dynamic 
RAM, which are known in the art. Alternatively, either optical memory, magnetic memory, 
or other types of memory may be employed to implement program/ data memory 504 and/or 
temporary memory 506. 

Detailed Description Text (39) : 

FIG. 6B illustrates, in a simplified manner and in accordance with one aspect of the 
present invention, the hardware for implementing PEAD 200 of FIG . 6A. Battery 652 
provides power to the circuitry of PEAD 200. A microcontroller 654 executes codes 
stored in flash memory 656 and employs random access memory 658 for the execution. In 
one embodiment, microcontroller 654, flash memory 656, and even random access memory 
658 may be implemented on a single chip, e.g., a NC68HC05SCXX family chip from Motorola 
Inc. of Schaumburg, 111. is such as the NC68HC05SC28 . Approve button 606 and optional 
skip button 60 8 are coupled to microcontroller 654 to permit the user to indicate 
approval or rejection of a particular transaction displayed using display circuitry 
660. Communication to and from the electronic transaction system is accomplished under 
control of microcontroller 654 via an infrared transceiver 662. Power switch 664 
permits the user to power off PEAD 200 when not in use to conserve power and to prevent 
accidental approval. 

Detailed Description Text (58) : 

The executable portion of the TP preferably includes codes to automatically detect the 
presence of a transaction approval device (such as the aforementioned PEAD, a smart 
card device, a Credit Card Reader, or the like) so that the TP can employ the 
transaction approval device to complete the transaction (step 1004 of FIG. 110) . By way 
of example, the downloaded code may be configured to search the user's computer to 
detect whether a transaction approval device has been installed or to use the user's 
computer communication port(s) to query for the existence of a transaction approval 
device that may be external of the user's computer. 

Detailed Description Text (59) : 
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The executable portion of the TP may also include codes to obtain, through an 
appropriate input device, the user's identification for authentication. By way of 
example, the TP may obtain the user's signature, the user's facial image, finger print, 
voice print, DNA coding sequence through a tissue sample, or other unique biometrics or 
other unique identifying data. The obtained user's identification facilitates 
non-repudiation, i.e., it facilitates identification of the identity of the person 
conducting the transaction so that fraud detection may be improved or deniability may 
be minimized. Of course some of the identification data may already exist in the PEAD 
and if such identification data is obtained from the PEAD, the obtained identification 
may indicate at least that the person performing the transaction on the requesting 
device also has access to the PEAD. 

Detailed Description Text (60) : 

It should be appreciated, however, that some or all of the executable portion may not 
need to be downloaded every time and may be loaded once into the requesting device for 
subsequent use. Of course, the fact that the executable portion of the TP is 
downloadable, and preferably downloadable with a transaction to be approved, greatly 
simplifies the task of enabling electronic transactions even when the transaction 
approval device is updated (e.g., with new technologies), the communication protocol 
between the transaction approval device and the requesting device changes, or when a 
new transaction approval device is installed with the requesting device. In these 
cases, the TP containing the updated codes appropriate for the updated/new transaction 
device and/or protocol may be downloaded into the requesting device, either 
automatically with a transaction or upon request by the user, to enable electronic 
transactions . 

Detailed Description Text (65) : 

Note that since the downloaded TP is, in the preferred embodiment, endowed with 
encryption facilities, i.e., the encryption codes is included in the downloaded codes 
in this embodiment, the presence of a general purpose encryption facility (such as the 
aforementioned SSL) may not be required for secured transmission. In this manner, 
backward compatibility with requesting devices which are not even equipped with a 
secured transmission facility (e.g., the aforementioned SSL) while transmission 
confidentiality is assured. On the other hand, if the requesting device is endowed with 
the general purpose encryption facility (e.g., the aforementioned SSL), the presence of 
the encryption codes in the TP may not be required. Of course, it is also possible to 
encrypt using both the encryption facility of the TP and the general purpose encryption 
facility (e.g., the aforementioned SSL) together to encrypt data transmitted to the 
server . 



7 . The method of claim 1 wherein said executable portion further includes codes for 
authenticating a user by obtaining identification data pertaining said user"! 

11. A method for completing a transaction request pertaining to an electronic 
transaction conducted over an electronic network having a server and a requesting 
device, comprising: 

receiving from said server at said requesting device a transaction program, said 
transaction program including an executable portion; 

receiving from a user at said requesting device transaction approval data, wherein said 
executable portion of said transaction program includes a first set of codes configured 
to encrypt said transaction approval data; 

encrypting said transaction approval data using said first set of codes ; 

transmitting, using transaction program, said encrypted transaction approval data to 
said server to complete said electronic transaction. 

14. The method of claim 11 wherein said executable portion further includes codes for 
authenticating a user by obtaining identification data pertaining said user. 

24. The method of claim 19 wherein said executable portion further includes codes for 
authenticating a user by obtaining identification data pertaining said user. 



CLAIMS : 
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